goweb-oidc/cmd/server/container.go

package main
import (
"context"
"crypto/tls"
"net/http"
"gitlab.com/wpetit/goweb/logger"
"gitlab.com/wpetit/goweb/template/html"
oidc "forge.cadoles.com/wpetit/goweb-oidc"
"forge.cadoles.com/wpetit/goweb-oidc/internal/config"
"github.com/gorilla/sessions"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/service"
"gitlab.com/wpetit/goweb/service/build"
"gitlab.com/wpetit/goweb/service/session"
"gitlab.com/wpetit/goweb/service/template"
"gitlab.com/wpetit/goweb/session/gorilla"
)
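// getServiceContainer builds the service container used by the HTTP server.
//
// It registers the build, session, template, config and OIDC services from
// conf. Session cookies are signed with conf.HTTP.CookieAuthenticationKey (a
// random 64-byte key is generated when none is configured) and, when
// conf.HTTP.CookieEncryptionKey is set, encrypted as well. When
// conf.OIDC.InsecureSkipVerify is set, TLS certificate verification is
// disabled on http.DefaultTransport, which affects every outbound HTTPS client
// in this process that relies on the default transport, not only the OIDC
// provider.
//
// Returns an error when the authentication key cannot be generated, when the
// configured encryption key has a length AES cannot use, when
// http.DefaultTransport is not an *http.Transport, or when the OIDC provider
// cannot be created.
func getServiceContainer(ctx context.Context, conf *config.Config) (*service.Container, error) {
	ctn := service.NewContainer()
	ctn.Provide(build.ServiceName, build.ServiceProvider(ProjectVersion, GitRef, BuildDate))

	// Generate a random cookie authentication key if none is configured.
	// A generated key only exists in this process: sessions issued before a
	// restart, or by another replica, will fail signature validation. Set the
	// key explicitly for anything beyond a single development instance.
	if conf.HTTP.CookieAuthenticationKey == "" {
		logger.Info(ctx, "could not find cookie authentication key. generating one...")

		cookieAuthenticationKey, err := gorilla.GenerateRandomBytes(64)
		if err != nil {
			return nil, errors.Wrap(err, "could not generate cookie authentication key")
		}

		// Stored back into conf, which is also exposed through the config
		// service below; anything reading the config can see the key.
		conf.HTTP.CookieAuthenticationKey = string(cookieAuthenticationKey)
	}

	keyPairs := [][]byte{[]byte(conf.HTTP.CookieAuthenticationKey)}

	// Use the cookie encryption key if set. gorilla/securecookie derives an
	// AES cipher from it, so only 16, 24 or 32 byte keys work; any other
	// length makes every session encode fail at request time. Reject it at
	// startup instead so the misconfiguration is visible immediately.
	if conf.HTTP.CookieEncryptionKey == "" {
		logger.Info(ctx, "no cookie encryption key configured, session cookies will be signed but not encrypted")
	} else {
		encryptionKey := []byte(conf.HTTP.CookieEncryptionKey)
		switch len(encryptionKey) {
		case 16, 24, 32:
			keyPairs = append(keyPairs, encryptionKey)
		default:
			return nil, errors.Errorf("invalid cookie encryption key length %d, expected 16, 24 or 32 bytes", len(encryptionKey))
		}
	}

	// Create and initialize the HTTP session service provider.
	cookieStore := sessions.NewCookieStore(keyPairs...)

	// Default cookie options shared by every session.
	cookieStore.Options = &sessions.Options{
		Path:     conf.HTTP.CookiePath,
		HttpOnly: true, // keep the session cookie out of reach of page scripts
		MaxAge:   conf.HTTP.CookieMaxAge,
		SameSite: conf.HTTP.CookieSameSite,
		// NOTE(review): Secure is not set, so the session cookie is also sent
		// over plain HTTP. The config fields used here offer no knob for it;
		// add one (or enforce TLS-only deployment) before exposing this server.
	}

	ctn.Provide(
		session.ServiceName,
		gorilla.ServiceProvider("oidc-test", cookieStore),
	)

	// Create and expose the template service provider.
	ctn.Provide(template.ServiceName, html.ServiceProvider(
		conf.HTTP.TemplateDir,
	))

	// Create and expose the config service provider.
	ctn.Provide(config.ServiceName, config.ServiceProvider(conf))

	// The OIDC provider is reached through http.DefaultTransport. Toggling
	// InsecureSkipVerify on it is a process-wide change: every client using
	// the default transport stops verifying server certificates. Returning an
	// error here (rather than exiting) lets the caller decide how to fail.
	defaultHTTPTransport, ok := http.DefaultTransport.(*http.Transport)
	if !ok {
		return nil, errors.New("could not configure default http client: http.DefaultTransport is not an *http.Transport")
	}

	if defaultHTTPTransport.TLSClientConfig == nil {
		defaultHTTPTransport.TLSClientConfig = &tls.Config{}
	}

	defaultHTTPTransport.TLSClientConfig.InsecureSkipVerify = conf.OIDC.InsecureSkipVerify
	if conf.OIDC.InsecureSkipVerify {
		logger.Info(ctx, "tls certificate verification is disabled for outbound http requests (OIDC.InsecureSkipVerify is set), do not use this in production")
	}

	if conf.OIDC.SkipIssuerVerification {
		logger.Info(ctx, "oidc issuer verification is disabled (OIDC.SkipIssuerVerification is set)")
	}

	provider, err := oidc.NewProvider(ctx, conf.OIDC.IssuerURL, conf.OIDC.SkipIssuerVerification)
	if err != nil {
		return nil, errors.Wrap(err, "could not create oidc provider")
	}

	ctn.Provide(oidc.ServiceName, oidc.ServiceProvider(
		oidc.WithCredentials(conf.OIDC.ClientID, conf.OIDC.ClientSecret),
		oidc.WithProvider(provider),
		oidc.WithScopes(conf.OIDC.Scopes...),
		oidc.WithAcrValues(conf.OIDC.AcrValues),
		oidc.WithSkipIssuerCheck(conf.OIDC.SkipIssuerVerification),
	))

	return ctn, nil
}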